In one of the most complex and innovative hacking campaigns detected to date, a hacker group created a fake icons hosting website in order to disguise malicious code meant to steal payment card data from hacked websites, according to ZDNet. This attack is often referred to as web skimming, where hackers breach websites and then hide malicious code on its pages, code that records and steals payment card details as they’re entered in checkout forms. However, this campaign was more sophisticated than most, as the only thing modified on the hacked sites was the favicon – the logo image shown in browser tabs.
Although web skimming has been around for a few years now, this campaign takes the remarkable skill needed to the next level. To go below the radar is quite a feat alone – but to use the favicon, where security professional would rarely look, shows the extent to which hackers will go to in order to remain undetected.
Web skimming can be extremely lucrative if it works, hence cyber criminals are going to great lengths to achieve this digital heist. Once pulled off, it can often be months before the alarm bells ring.
Websites and organisations must remain alert to new and intuitive methods deployed by hackers. This relies heavily on updating regularly and installing all available patches at the earliest opportunity, along with web admins remaining on top of the latest threats.